Universal Plug and Play (UPnP) is increasing in importance as a standard for private area networking such as home networking. UPnP, however, does not provide support for remote access to devices in a private area network over other networks such as the Internet or another private area network.
The Internet enables devices to be connected from essentially anywhere at any time. Using the Internet, users desire to access content and services in private networks such as a home network, and to control devices and services in such networks from anywhere (e.g., remotely) and at any time. As such, there has been a need for an approach that enables access to UPnP devices in a private network from the Internet, or from another private network.
The Simple Service Discovery Protocol (SSDP) forms the foundation of the UPnP standard. A first aspect of the SSDP involves service discovery requests. The UPnP control point in a UPnP network multicasts requests to look for any online UPnP devices in the network. The UPnP device listens for such requests, and when it receives such a request, the UPnP device sends a unicast response back to the requesting UPnP control point. The UPnP device also periodically advertises itself by multicasting its presence in the network. When a UPnP control point receives such an advertisement, it can consider the advertising UPnP device as online and ready to be used.
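The discovery exchange just described, written out as an added example (this is not code from the original page): a control point builds the multicast M-SEARCH, a device parses it and answers with a unicast 200 OK if the search target matches, and the device's periodic NOTIFY advertisement is built the same way. The control point side also applies the SSDP reply window (the MX header, the number of seconds a device may delay its reply, plus a small slack), which is the LAN-sized timeout that the later discussion of remote-access latency turns on. The device UUID, address, and the reply arrival times are constructed sample values.

```python
"""SSDP discovery modelled end to end: a control point multicasts M-SEARCH,
a matching device unicasts a 200 OK, and the device periodically multicasts a
NOTIFY advertisement.  Added example, not from the original page; the device
UUID, addresses and arrival times below are constructed sample values."""

SSDP_HOST = "239.255.255.250:1900"   # well-known SSDP multicast group and port

# Constructed sample device: a UPnP media server on the private network.
DEVICE = {
    "uuid": "uuid:00000000-1111-2222-3333-444444444444",
    "type": "urn:schemas-upnp-org:device:MediaServer:1",
    "location": "http://192.168.1.20:49152/description.xml",
    "max_age": 1800,
}


def encode(start_line, headers):
    """Serialise an HTTPU message: start line, header lines, blank line."""
    lines = [start_line] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def decode(raw):
    """Parse an HTTPU message into (start_line, {UPPER-CASE-NAME: value})."""
    head = raw.decode("ascii", errors="replace").partition("\r\n\r\n")[0]
    start, *hdr_lines = head.split("\r\n")
    headers = {}
    for line in hdr_lines:
        name, sep, value = line.partition(":")
        if sep:                                   # ignore malformed lines
            headers[name.strip().upper()] = value.strip()
    return start, headers


def build_msearch(st="ssdp:all", mx=2):
    """Control point: the discovery request sent to the multicast group."""
    return encode("M-SEARCH * HTTP/1.1", {
        "HOST": SSDP_HOST,
        "MAN": '"ssdp:discover"',
        "MX": str(mx),        # seconds a device may delay its reply
        "ST": st,
    })


def device_answer(device, raw_msearch):
    """Device: parse an M-SEARCH and return the unicast reply, or None."""
    start, h = decode(raw_msearch)
    if start != "M-SEARCH * HTTP/1.1" or h.get("MAN") != '"ssdp:discover"':
        return None                               # not a discovery request
    st = h.get("ST", "")
    if st not in ("ssdp:all", "upnp:rootdevice", device["uuid"], device["type"]):
        return None                               # search target does not match
    st_out = device["type"] if st == "ssdp:all" else st
    usn = device["uuid"] if st_out == device["uuid"] else f"{device['uuid']}::{st_out}"
    return encode("HTTP/1.1 200 OK", {
        "CACHE-CONTROL": f"max-age={device['max_age']}",
        "EXT": "",
        "LOCATION": device["location"],
        "ST": st_out,
        "USN": usn,
    })


def build_alive(device):
    """Device: the periodic multicast advertisement (NTS: ssdp:alive)."""
    return encode("NOTIFY * HTTP/1.1", {
        "HOST": SSDP_HOST,
        "CACHE-CONTROL": f"max-age={device['max_age']}",
        "LOCATION": device["location"],
        "NT": device["type"],
        "NTS": "ssdp:alive",
        "USN": f"{device['uuid']}::{device['type']}",
    })


def control_point_collect(replies, mx, slack=1.0):
    """Control point: keep replies that arrive within MX plus a small slack.

    `replies` is a list of (seconds_after_send, raw_bytes).  A reply that
    arrives later is dropped, so an online device behind enough extra
    latency is simply never seen: USN -> LOCATION of the devices found.
    """
    found = {}
    for arrived_at, raw in replies:
        start, h = decode(raw)
        if start != "HTTP/1.1 200 OK" or "USN" not in h:
            continue
        if arrived_at <= mx + slack:
            found[h["USN"]] = h["LOCATION"]
    return found
```

The reply window in `control_point_collect` is the whole story of the remote-access timeout: with `mx=2` a reply that takes 7 seconds to cross the Internet is discarded, even though the device answered correctly.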
The multicast request/unicast response mechanism works reasonably well in a private network, because a private network usually comprises a simple network wherein a multicast message can reach every UPnP device and UPnP control point in the network. If a private network includes multiple subnets, a multicast forwarding module in each of the subnet routers enables multicast messages to travel across subnets and reach every device in the network.
The SSDP protocol breaks down, however, for remote access to UPnP devices in a network, due to security concerns. There are two types of remote access. The first type involves a remote device directly connected to a private network including a gateway via a secured link (e.g., a virtual private network (VPN) connection). The gateway can be configured such that the remote device that connects to the private network via the secured link becomes a part of the private network (e.g., the remote device is temporarily assigned a private Internet Protocol (IP) address such that it can communicate with other devices in the network directly via user datagram protocol (UDP) and/or transmission control protocol (TCP) communication).
The second type of remote access is to allow devices in one private network to connect to devices in another private network via a secured link (e.g., a VPN). This is typically achieved by setting up a secured link between gateways in the two networks such that a gateway that initializes the secured link is temporarily assigned a private IP address by the other gateway. As a result, a gateway in one network can reach any device in the other network.
In remote access cases, security must also be considered. For example, if a homeowner's mobile device establishes a secured link back to the homeowner's home network, the homeowner would desire to “see” and control all available devices in the home network. However, if a guest's mobile device establishes a secured link to a home network, the homeowner would desire to control what devices, services and contents can be “seen” or controlled by the guest. The same security concern applies to a home-to-home scenario, wherein a home gateway establishes a secured link to a remote home network, such that the remote home network's owner desires to control which devices, services and contents can be seen by a guest.
Such security concerns are not addressed by the SSDP discovery protocol, because in the SSDP protocol, a UPnP control point multicasts a request message and expects a discovered device to respond to the control point directly via a unicast response. This means that multicast messages must be forwarded by the private network gateway, and that the remote UPnP control point making such multicast requests over the communication link must be directly reachable by UPnP devices in the other network. Such direct reachability makes a private network vulnerable to attack, because the private network gateway cannot enforce a security policy on incoming access requests from the remote UPnP control point, nor on any messages originating from devices in the network and terminating on the remote UPnP control point.
The multicast message forwarding between the remote UPnP control point and UPnP devices in a private network can be enabled by a multicast forwarding module in the private network gateway. For security, such multicast forwarding should be turned off such that the UPnP control point can only discover devices and services in the private network under the control of the network owner. Turning off the multicast forwarding also disables advertisements from UPnP devices in the network from reaching the remote UPnP control point. However, turning off multicast forwarding completely disables the SSDP.
Further, the conventional UPnP architecture is designed for consumer electronics devices in a home networked environment, which is typically a local area network (LAN). Therefore, the timeouts in the conventional UPnP SSDP assume small network latency in transporting UPnP messages. Accessing home devices remotely via the Internet typically incurs large, unpredictable network latency that usually results in responses to the SSDP M-SEARCH timing out. As a result, a remote control point cannot detect a device in a remote home network even if it is operational and online.
In addition, for security and privacy reasons, such a homeowner would desire to control which devices and services can be remotely controlled via the Internet. For example, a home surveillance camera should not be accessible by anyone on the Internet unless the remote user is a homeowner or an authorized user. Because UPnP is designed for a home networking environment, security is not a major concern in the UPnP architecture. However, security is a critical concern when UPnP is extended for remote access. Existing UPnP security architectures do not address access control for device and service discovery. In essence, conventionally all UPnP devices and services can be discovered using the SSDP, and access control is applied only when a service is being accessed on a device. This has two disadvantages. First, making every device and service in a home network discoverable on the Internet raises privacy concerns. Second, a user cannot selectively control the actions that a remote device can perform on a device in the network. For example, a homeowner cannot specify that a remote device can view video from a surveillance camera in the network but cannot change the viewing angle of the camera.
There is, therefore, a need for a method and system for remote access to UPnP devices that performs multicast forwarding at the UPnP layer instead of at the IP layer, where a UPnP-layer security policy cannot be enforced. There is also a need for such a method and system to address the remote access timeout problem, and to provide improved discovery and access control for UPnP devices and services in a network.
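The following is an added example (not code from the original page or from any UPnP implementation) of what enforcing discovery and action control at the UPnP layer on the gateway can look like, covering the guest-versus-owner scenario and the camera example from the paragraphs above. The gateway keeps its own inventory of devices learned from local advertisements, answers a remote control point's M-SEARCH itself instead of forwarding it, relays only the advertisements the policy permits, and checks each requested action against a per-principal rule. The principals ("owner", "guest"), the device inventory, the service and action names (a hypothetical `VideoStream` service with `GetStream`, a hypothetical `PanTilt` service with `SetAngle`), and the gateway URL are all constructed; rewriting LOCATION to point at the gateway is a design choice assumed here so that internal addresses are never handed to the remote side.

```python
"""Gateway-side discovery and action filter at the UPnP layer.  Added example,
not from the original page; principals, devices, service and action names,
and the gateway URL are constructed sample values."""
from dataclasses import dataclass, field

GATEWAY_URL = "https://gateway.example.net/upnp"   # constructed

# Service types, action names and USNs are constructed for this example.
CAMERA = "urn:schemas-upnp-org:device:Camera:1"
MEDIA = "urn:schemas-upnp-org:device:MediaServer:1"
VIDEO = "urn:schemas-upnp-org:service:VideoStream:1"
PANTILT = "urn:schemas-upnp-org:service:PanTilt:1"
CDS = "urn:schemas-upnp-org:service:ContentDirectory:1"
CAM_USN = f"uuid:cam-0001::{CAMERA}"
MS_USN = f"uuid:ms-0001::{MEDIA}"

# Inventory the gateway built from local SSDP advertisements and descriptions:
# USN -> device type and the actions each service offers.
LOCAL_DEVICES = {
    CAM_USN: {"type": CAMERA,
              "services": {VIDEO: {"GetStream"}, PANTILT: {"SetAngle", "GetAngle"}}},
    MS_USN: {"type": MEDIA,
             "services": {CDS: {"Browse", "Search"}}},
}


@dataclass
class Rule:
    """What one remote principal may discover and do ("*" is a wildcard)."""
    device_types: set
    actions: dict = field(default_factory=dict)   # service type -> allowed actions


# Owner sees and controls everything; a guest may only watch the camera.
POLICY = {
    "owner": Rule(device_types={"*"}, actions={"*": {"*"}}),
    "guest": Rule(device_types={CAMERA}, actions={VIDEO: {"GetStream"}}),
}


def _matches(allowed, value):
    return "*" in allowed or value in allowed


def visible_devices(principal):
    """USNs the principal may discover; unknown principals see nothing."""
    rule = POLICY.get(principal)
    if rule is None:
        return []
    return [usn for usn, dev in LOCAL_DEVICES.items()
            if _matches(rule.device_types, dev["type"])]


def should_relay(principal, headers):
    """May a local NOTIFY / 200 OK (already parsed into a header dict) be
    relayed to this remote control point?  Default deny."""
    return headers.get("USN", "") in visible_devices(principal)


def answer_remote_msearch(principal, st):
    """The gateway answers the remote M-SEARCH itself, so no multicast crosses
    the gateway and devices never see the remote control point.  LOCATION is
    rewritten to the gateway (assumed design choice) to hide internal addresses."""
    answers = []
    for usn in visible_devices(principal):
        dev = LOCAL_DEVICES[usn]
        if st in ("ssdp:all", dev["type"]):
            uuid = usn.split("::")[0]
            answers.append({"ST": dev["type"], "USN": usn,
                            "LOCATION": f"{GATEWAY_URL}/{uuid}/description.xml"})
    return answers


def action_allowed(principal, usn, service, action):
    """Per-action control: the guest may GetStream but not SetAngle."""
    rule = POLICY.get(principal)
    if rule is None or usn not in visible_devices(principal):
        return False
    offered = LOCAL_DEVICES[usn]["services"].get(service, set())
    if action not in offered:
        return False                      # device does not offer this action
    allowed = rule.actions.get(service, rule.actions.get("*", set()))
    return _matches(allowed, action)
```

Two properties matter here: every check is default deny (an unknown principal, an unlisted service, or an action the device does not offer all fail closed), and discovery and action control use the same policy object, so a device that a guest cannot discover is also one the guest cannot act on.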